Chapter 5 - Availability

Question 1

What is availability?

Answer 1

a property of software that it is there and ready to carry out its task when you need it to be

Question 2

How is availability different from reliability?

Answer 2

it builds on reliability by adding the notion of recovery and repair

Question 3

Availability general scenario: what are 5 possible values for “Source”

Answer 3

internal/external:

• people
• hardware
• software
• physical infrastructure
• physical environment

Question 4

Availability general scenario: what are 4 possible values for “Stimulus”

Answer 4

• omission
• crash
• incorrect timing
• incorrect response

Question 5

Availability general scenario: what are 4 possible values for “Artifact”

Answer 5

• system’s processors
• communication channels
• persistent storage
• processes

Question 6

Availability general scenario: what are 6 possible values for “Environment”

Answer 6

• normal operation
• startup
• shutdown
• repair mode
• degraded operation
• overloaded operation

Question 7

Availability general scenario: what are 3 possible values for “Response”

Answer 7

• prevent the fault from becoming a failure
• detect fault
• recover from fault

Question 8

Availability general scenario: what are 6 possible values for “Response Measure”

Answer 8

• time interval when the system must be available
• availability percentage
• time to detect the fault
• time to repair the fault
• time interval in which system can be in degraded mode
• the rate of a certain class of faults that the system prevents

Question 9

2 system actions that are done in order to “detect the fault”

Answer 9

• log the fault

- notify appropriate entities

Question 10

4 possible system actions that can be done in order to “recover from fault”

Answer 10

• disable the source of events causing faults
• be temporarily unavailable while the repair is being affected
• fix/mask the fault or contain damage it causes
• operate in degraded mode while repair in progress

Question 11

Definition of availability tactics?

Answer 11

they enable a system to endure faults so that services remain compliant with their specifications

Question 12

The main goal of availability tactics?

Answer 12

to keep faults from becoming failures or at least bound the effects of the fault and make repair possible

Question 13

9 tactics for detecting faults

Answer 13

• ping/echo
• monitor
• heartbeat
• timestamp
• sanity checking
• condition monitoring
• voting
• exception detection
• self-test

Question 14

Tactic for detecting faults: What is ping/echo?

Answer 14

an asynchronous request/response message pair exchanged between nodes, used to determine reachability and the round-trip delay through the associated network path

Question 15

Tactic for detecting faults: What is a monitor?

Answer 15

a component used to monitor the state of health of other parts of the system

Question 16

Tactic for detecting faults: What is a heartbeat?

Answer 16

a periodic message exchange between a system monitor and a process being monitored

Question 17

Tactic for detecting faults: What is a timestamp?

Answer 17

used to detect incorrect sequences of events, primarily in distributed message-passing systems

Question 18

Tactic for detecting faults: What is sanity checking?

Answer 18

checks the validity or reasonableness of a component’s operations or outputs

Question 19

Tactic for detecting faults: What is condition monitoring?

Answer 19

checking conditions in a process or device, or validating assumptions made during the design

Question 20

Tactic for detecting faults: What is voting?

Answer 20

to check that replicated components are producing the same results

Question 21

Tactic for detecting faults: What is exception detection?

Answer 21

detection of a system condition that alters the normal flow of execution

Question 22

Tactic for detecting faults: What is self-test?

Answer 22

a procedure for a component to test itself for correct operation

Question 23

What are the 3 main categories of availability tactics?

Answer 23

• detect faults
• recover from faults
• prevent faults

Question 24

What are the 2 sub-categories of availability tactics under recover from faults?

Answer 24

• preparation and repair

- reintroduction

Question 25

10 tactics for preparation and repair for recovering from faults

Answer 25

- active redundancy - passive redundancy - spare - exception handling - rollback - software upgrade - retry - ignore faulty behavior - degradation - reconfiguration

Question 26

Tactic for preparation and repair: what is active redundancy?

Answer 26

basically having hot backups

Question 27

Tactic for preparation and repair: what is passive redundancy?

Answer 27

the backups are not hot and get fed information during periodic updates

Question 28

Tactic for preparation and repair: what is spare?

Answer 28

a completely offline (or cold) version that undergoes a power-on-reset procedure when a fail-over occurs before it goes into service

Question 29

Tactic for preparation and repair: what is software update?

Answer 29

in-service upgrades to executable code images in a non-service-affecting manner think iOS update!!

Question 30

Tactic for preparation and repair: what is retry?

Answer 30

trying an operation again may lead to success if the failure is transient

Question 31

Tactic for preparation and repair: what is reconfiguration?

Answer 31

reassigning responsibilities to the resources left functioning while maintaining as much functionality as possible

Question 32

What are the 4 tactics for reintroduction for recovery from fault

Answer 32

- shadow - state resynchronization - escalating restart - non-stop forwarding

Question 33

Tactic for reintroduction: what is shadow?

Answer 33

operating a previously failed or in-service upgraded component in a “shadow mode” for a predefined time prior to reverting the component back to an active role

Question 34

Tactic for reintroduction: what is state resynchronization?

Answer 34

partner to active redundancy and passive redundancy where state information is sent from active to standby components

Question 35

Tactic for reintroduction: what is escalating restart?

Answer 35

recover from faults by varying the granularity of the component(s) restarted and minimizing the level of service affected

Question 36

Tactic for reintroduction: what is non-stop forwarding?

Answer 36

functionality is split into supervisory and data. If a supervisor fails, a router continues forwarding packets along known routes while protocol information is recovered and validated.

Question 37

5 tactics for preventing faults

Answer 37

- removal from service - transactions - predictive model - exception prevention - increase competence set

Question 38

Tactic for preventing faults: what are transactions?

Answer 38

bundling state updates so that asynchronous messages exchanged between distributed components are atomic, consistent, isolated, and durable

Question 39

Tactic for preventing faults: what is a predictive model?

Answer 39

monitor the state of health of a process to ensure that the system is operating within nominal parameters take some action if a dangerous state is near THINK BANKERS ALGORITHM

Question 40

Tactic for preventing faults: what is exception prevention?

Answer 40

preventing system exceptions from occurring by masking a fault, or preventing it via smart pointers, abstract data types, or wrappers.

Question 41

Tactic for preventing faults: what does it mean to increase | the compentence set?

Answer 41

designing a component to handle more cases/faults as part of its normal operation.

Question 42

3 important things for availability in terms of allocation of responsibilities

Answer 42

- determining system responsibilities that need to be highly available - allocate responsibilities for detecting 4 possible stimuli - allocate responsibilities for performing some combination of the 6 possible responses

Question 43

4 important things for availability in terms of the coordination model

Answer 43

- ensure that coordination mechanisms can detect the 4 possible stimuli - ensure the coordination mechanisms enable the 6 responses - ensure the coordination model supports the replacement of any of the 4 artifacts - determine if the coordination model will work under any of the 6 environments

Question 44

2 important things for availability in terms of the data model

Answer 44

- determine which data abstractions could cause a stimulus | - ensure that the 4 repair from recovery actions can be used on the data abstractions

Question 45

2 important things for availability in terms of the mapping among architectural elements

Answer 45

- determine which artifacts may produce a stimuli | - ensure that mapping/re-mapping of architectural elements is flexible enough to permit recovery from a fault

Question 46

5 important things for availability in terms of resource management

Answer 46

- determine what critical resources are necessary to continue operating in the presence of one of the 4 stimuli - ensure there are sufficient resources after a fault to perform any of the 6 responses - determine availability time for critical resources - specify time intervals in which critical resources must be available in any of the system environments

Question 47

1 important thing for availability in terms of binding time

Answer 47

-ensure availability strategy is sufficient to cover introduced faults caused by late bindings

Question 48

3 important things for availability in terms of choice of technology

Answer 48

- determine if available technologies can detect faults, recover, and reintroduce failed components - determine what technologies can help the response to a fault - determine availability characteristics of chosen technologies themselves